Firewall Config - Block access to the internet

danny9797
Level 1

What command would I use to block all internal access from a LAN, from reaching the internet?

Thanks

4 Replies

Collin Clark
VIP Alumni

Shut the interface / remove the nat or global / specifically deny protocols you want blocked / remove default route; many different ways. If you provide more info, maybe we can give a more detailed solution.

HTH and please rate.

Let's say, for example, that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.

Hi

Well there are a number of ways to do it. One way -

local LAN 192.168.1.0/24

remote LAN 172.16.5.0/24

access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any

access-group acl_inside in interface inside

Couple of things to be aware of.

1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.

2) I'm assuming this is a PIX firewall - is this the case?

HTH

Jon

thanks a lot

yes the firewall is a Pix.
